package dragon.simpleOAuth.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class WebSecurityConfiger extends WebSecurityConfigurerAdapter {

//    @Autowired
//    AuthenticationProviderImpl authenticationProvider;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        /*post请求默认的都开启了csrf的模式，所有post请求都必须带有token之类
        /的验证信息才可以进入登陆页面，这边是禁用csrf模式
         */
        http.csrf().disable();
        http
                .authorizeRequests()
                //开放/oauth/**允许所有人访问
                .antMatchers("/oauth/**").permitAll()
                .and()
                //新增login form支持用户登录及授权;
                .formLogin().permitAll();
    }

//    @Override
//    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//        auth.authenticationProvider(authenticationProvider);
//    }
}
